Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

frontend: Be pessimistic about arguments

The code to handle -o added two arguments to the final array.
However, longopt allows "-o file" to also be passed as
"--output=file".  This causes one argument to cause two to be added.
This means that we can't have the destination array be the same size
as the original.

I've decided to use the most pessimistic case for allocation, one
where every argument causes two to be added (parrot --output=file1
--output=file2 etc).  Alternative solutions include passing it as
"-o=file" instead and having prt0 handle breaking it apart, but this
is the fastest way to fix the memory overrun.
  • Loading branch information...
commit 03b3d5fb10dcc61785a269be4e771d85a39c544e 1 parent 96ff976
@Benabik Benabik authored
Showing with 8 additions and 1 deletion.
  1. +8 −1 frontend/parrot2/main.c
9 frontend/parrot2/main.c
@@ -553,7 +553,11 @@ parseflags(Parrot_PMC interp, int argc, ARGIN(const char *argv[]),
int result = 1;
int nargs = 0;
int i;
- const char **pargs = (const char**)calloc(argc, sizeof (char*));
+ // Any option with an argument we handle may split an argument
+ // into two. So be pessimistic with the allocation.
+ int pargs_size = argc * 2;
+ const char **pargs = (const char**)calloc(pargs_size, sizeof (char*));
if (argc == 1) {
@@ -683,6 +687,9 @@ parseflags(Parrot_PMC interp, int argc, ARGIN(const char *argv[]),
for (i = opt.opt_index; i < argc; i++)
pargs[nargs++] = argv[i];
+ // Make sure we don't overrun the end of the array
+ PARROT_ASSERT(nargs <= pargs_size);
args->argv = pargs;
args->argc = nargs;

0 comments on commit 03b3d5f

Please sign in to comment.
Something went wrong with that request. Please try again.